Microsoft announces huge bug bounty rewards for security flaws

Microsoft announces huge bug bounty rewards for security flaws

Microsoft announces huge bug bounty rewards for security flaws

They "will continue indefinitely at Microsoft's discretion", the security response team said.

Indeed, in the spirit of helping "maintain a high-security bar in Windows", Microsoft today announced the launch of the Windows Bounty Program.

"Since 2012, we have launched multiple bounties for various Windows features", the MSRC blog entry said.

This new Windows Bug Bounty program will go a long way towards helping identify and patch vulnerabilities in Microsoft's products, with a focus on remote code execution, privilege escalation, and inherent design flaws.

Which of these is the best music video of the year?
The renaming of the category is in line with other recent changes made to the network's two high-profile U.S. awards events. MTV has gotten rid of gender categories like best male and female video and instead focus mostly on music genres instead.

Army Tank On JNU Campus Soon? If Vice-Chancellor Gets His Way
People who stay in extreme conditions and risk their lives should be given all the rights to take extreme decisions... Jagadesh Kumar requested the union minister to arrange an old Army tank for displaying it in the campus.

Cowboys owner Jerry Jones backs Ezekiel Elliott amid domestic violence investigation
This is a bold statement of support by the elder Jones, who has refused to comment about the situation recently. Elliott could face a short suspension of one or two games, ESPN's Adam Schefter reported earlier this month.

Bounty payouts will range from $500 to $250,000. So has Windows, but in a limited capacity, as Microsoft always decided what Windows features researchers could probe, and for what amount of time. Hyper-V is now top priority, as a bad bug in that code can earn you up to US$250k, $50k more than is on offer for any other bug and an increase on previous payments for those who find critical remote code execution, information disclosure and denial of services vulnerabilities in the virtualization code.

For years, Microsoft has run a bug bounty program where security researchers could report bugs in Microsoft products and earn money for their findings.

Microsoft has been running the bounty programme since 2012 but the company is expanding it to cover more ground in Windows 10. The new programs will have a maximum payout of $250,000 for a Hyper-V exploit with Remote Code Execution, and a maximum of $200,000 for Windows 10 exploits that are "Novel & fundamental advancement [s] in exploitation technology that universally bypasses current mitigations". However, the exploit needs to work on the latest release of the Windows Insider Preview slow ring. Payouts for discovering Windows Insider Preview bugs will range from $500 to $15,000.

Related news



[an error occurred while processing the directive]